By: Francis Onyemachi
The Nigeria Data Protection Commission has introduced a new assessment framework for Data Protection Officers, making continuous professional development a mandatory requirement for maintaining active verification status.
Issued under Schedule 3 of the General Application and Implementation Directive (GAID) 2025, the framework sets out a structured assessment system aimed at ensuring DPOs keep pace with evolving data protection laws, cybersecurity developments and global privacy standards.
According to the Commission, the framework is designed to improve transparency in the allocation of CPD credits, encourage DPOs to participate actively in initiatives that advance data privacy and protection, build a globally competitive pool of data protection professionals in Nigeria, and encourage training providers, data controllers and data processors to prioritise continuous professional development.
Annual CPD Requirement
Under the new guideline, certified DPOs must earn a minimum of 20 Continuous Professional Development (CPD) points each year from a total allocation of 40 points to retain their active verification status.
At least 10 of the required 20 points must come from structured training programmes to ensure meaningful professional development.
The CPD assessment framework is divided into three categories:
- Formal Training and Certification
- Knowledge Contribution (maximum of 10 points annually)
- Professional Engagement and Ecosystem Participation (maximum of 8 points annually)
Evidence and Verification
The Commission said DPOs seeking verification must submit supporting documents to demonstrate compliance with the CPD requirements.
According to the guideline:
“The evidence may include certificates of attendance, confirmation emails, copies or links to publications, formal letters of participation, and Professional Education and Engagement Review Forms.”
Implementation and Compliance
The NDPC said compliance with the CPD requirements will be reviewed annually during certification revalidation.
DPOs who fail to meet the required threshold may have their verification status temporarily changed to inactive until they complete the outstanding professional development requirements.
To support implementation, the Commission said it will introduce a digital platform for submitting, tracking and monitoring CPD records.
What the New Guideline Means for DPOs
The new framework marks a significant shift in how Data Protection Officers are assessed, placing greater emphasis on continuous learning rather than one-time certification.
Under the guideline:
- DPOs must earn at least 20 CPD points every year to maintain active verification status.
- A minimum of 10 points must come from formal learning activities such as NDPC-accredited training programmes, recognised workshops and webinars, virtual privacy learning platforms, advanced NDPC-approved courses, and international privacy certification programmes.
- DPOs can also earn additional points by contributing to the growth of Nigeria’s data protection ecosystem through publishing articles, speaking at conferences, participating in NDPC technical working groups, maintaining membership in recognised professional bodies, mentoring emerging privacy professionals, and contributing to regulatory consultations.
The Commission said annual certification renewal will now include a review of CPD compliance, with non-compliant officers facing temporary inactive status until they satisfy the requirements.
The framework comes as NDPC strives to ensure that data protection professionals continually update their knowledge as Nigeria’s digital economy expands and organisations process increasing volumes of personal data across sectors.


